Security professionals need to become wellness experts


If you work for a large organisation, you’ve probably noticed that health and wellness have become an area of focus over the past several years. Companies have started offering classes on yoga and meditation to their employees, while promoting mental health and emotional wellbeing.

There’s a very good reason for this; not only does it aid workforce retention by creating a positive environment, multiple studies have also shown that healthy and fulfilled workers are more productive. This trend has driven companies to expand their focus on employee wellbeing beyond simply reducing work-related stress to elements like diet, sleep, and exercise, all of which play a major role in how effective people are when they’re at work.

The theory is that, because human beings aren’t robots that can compartmentalise their experiences, every element of a person’s life will feed into every other part. Put simply, you’re not going to be able to do your best work if you’re exhausted, depressed, or suffering from an avoidable health condition. Therefore, it’s in employers’ best interests to keep their staff as healthy as possible both in and out of the office.

The same thinking can also be applied to an organisation’s security for a similar effect. This isn’t to suggest that you start a morning pilates session with your incident response team or bring puppies into your SOC once a week (as adorable as that would undoubtedly be) - instead, this is about applying the principles of holistic wellness to your security strategy.

Just like its employees, an organisation’s security is large, and contains multitudes. Most security teams have tools to manage network firewalls, threat detection, API security, and DDoS mitigation, but looking at these areas in isolation is markedly less helpful than thinking of them as smaller parts of a larger whole. Without looking at the bigger picture, it’s easy for gaps in your security to go unnoticed.

Even this, though, is arguably taking too narrow a focus on security. If corporate wellness involves looking at employees’ health outside the workplace, then security wellness must involve considering your defence posture outside the confines of the operations centre. Take file-sharing as an example; if staff are using a grab-bag of different shadow IT applications to share documents, it’s next to impossible to track what data is being shared and clamp down on unauthorised access. By standardising on one central system, it’s much easier to account for file-sharing as part of an overall security profile.

Business culture is also important to consider, even beyond the usual advice of making sure that employees are using good password hygiene, not opening suspicious attachments and the like. If there’s an established process in place for requesting things like financial transfers or sensitive document access, spearphishing attempts involving ‘urgent’ emails for wire transfers purporting to be from a C-suite executive will stick out like a sore thumb.

Multi-vector attacks have been the norm for years, and everything from your application front-end to your staff’s personal laptops is a potential target for hackers. Security teams can no longer afford to look at their IT estate in isolation, but by borrowing some of the strategies of the modern corporate wellness programme, they can de-stress their operations and bring some harmony and balance to their strategy.

To learn more about how you can bring a holistic attitude to your web protection, register now for our free webinar, in association with Cloudflare and Frost

Adam Shepherd

Adam Shepherd has been a technology journalist since 2015, covering everything from cloud storage and security, to smartphones and servers. Over the course of his career, he’s seen the spread of 5G, the growing ubiquity of wireless devices, and the start of the connected revolution. He’s also been to more trade shows and technology conferences than he cares to count.

Adam is an avid follower of the latest hardware innovations, and he is never happier than when tinkering with complex network configurations, or exploring a new Linux distro. He was also previously a co-host on the ITPro Podcast, where he was often found ranting about his love of strange gadgets, his disdain for Windows Mobile, and everything in between.

You can find Adam tweeting about enterprise technology (or more often bad jokes) @AdamShepherUK.